-
Notifications
You must be signed in to change notification settings - Fork 521
Using APIs
h8mail is powered by APIs. Adding APIs increases h8mail's power.
h8mail is compatible with most breach searching APIs.
These services require user registration. Depending of the service, you can get a free API key for less data, and purchasable keys for all the data.
These services keep their databases updated with newer breaches, giving access to a lot of leaked data.
Adding API keys from additional API services will further enrich your results.
Some APIs only work for emails. This is the case for:
- emailrep.io (requires key - free tier)
- hunter.io (default - free tier)
- haveibeenpwned.com
The rest of the included APIs support different types of data to target. This includes:
- scylla.sh (default) - Fund!
- leak-lookup.com
- snusbase.com
- weleakinfo.com - currently offline
- dehashed.com
- intelx.io - free trial key
- breachdirectory.tk - free for infosec students and pros
Here is the list of the supported queries by API provider (excluding the email-only APIs):
| username | domain | hash | password | ip | |
|---|---|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ | ✅ | |
| LeakLookup | ✅ | ✅ | ✅ | ✅ | |
| Snusbase | ✅ | ✅ | ✅ | ✅ | |
| Scylla | ✅ | ✅ | ✅ | ✅ | ✅ |
| Dehashed | ✅ | ✅ | ✅ | ✅ | ✅ |
| IntelX | ✅ | ✅ | ✅ | ✅ | ✅ |
| BreachDirectory | ✅ | ✅ | ✅ | ✅ |
h8mail can generate a template configuration file in the current working directory using -g.
$ h8mail -g
***snip***
[>] Generated h8mail template configuration file (/home/user/h8mail_config.ini)
DoneThe configuration file format is as follows:
[h8mail]
; h8mail will automatically detect present keys & launch services accordingly
; Uncomment to activate
;hunterio =
;snusbase_token =
;;weleakinfo_priv =
;;weleakinfo_pub =
;hibp =
;leak-lookup_pub = 1bf94ff907f68d511de9a610a6ff9263
;leak-lookup_priv =
;emailrep =
;dehashed_email =
;dehashed_key =
;intelx_key =
;intelx_maxfile = 10
;breachdirectory_user =
;breachdirectory_pass =
In the above example, you'll notice a Leak-lookup public key, graciously generated for h8mail users. To activate, uncomment the line and make sure to pass to config file. The API can sometimes timeout. If that's the case, simply relaunch.
h8mail can read keys by using a h8mail_config.ini file with -c, or by passing keys from the command line directly with -k:
$ h8mail -t john.smith@fcorp.com -c h8mail_config.iniKeys and their respective values can also be passed from the command line, with the -k option. Format is like so:
$ h8mail -t john.smith@fcorp.com -k "K=V, K=V" "K=V"
$ h8mail -t john.smith@fcorp.com -k "leak-lookup_pub=1bf94ff907f68d511de9a610a6ff9263"
Please note that some APIs might timeout depending on the traffic loads. If that is the case, simply relaunch as backend caching should have your request ready by then.
Some API providers supports additional search operators.
id, email, ip, username, password, hash, hash_type, name, vin, address, phone, database_name
address, address1, address2, country, email, firstname, ipaddress, lastname, middlename, mobile, number, password, phone, postcode, salt, state, userid, username, zip, zipcode
email, username, name, ip, password, hash
IntelX backend will recognize the data format automatically, no need to use custom queries. Use --debug to keep downloaded files
email, domain, hash, URL, IP, CIDR, phone number, bitcoin address, MAC address, credit card number, social security number, IBAN